V7 - Authentication callback invalid grant error / CORS error

Hi @lclisson ,

after a little refacto, we succeeded in starting our Forest by removing the config package that we normally use for environment variable management. Here is the lib which conflicts with the /config folder of Forest architecture: config - npm. (It’s a bit annoying because we like this package very much :slight_smile: )

We know get a more classical authentication error on all environments except for Docker_development :

Do you have any insights to help us authenticate successfully ?

Context:

"liana": "forest-express-mongoose",
    "liana_version": "7.8.2",
    "stack": {
      "database_type": "MongoDB",
      "engine": "nodejs",
      "engine_version": "12.22.1",
      "orm_version": "5.9.4"
    }

Hello @Guiguijo;

Can you please paste the details of the OPTIONS request, that is made by the browser just before this one?

The OPTIONS request is the source of this error.

Hi @GuillaumeGautreau ,

are you speaking of this one?


No, it’s the one on the same URL than the one that is failing (/forest/authentication/callback).

I think that you have 2 issues here:

  • A cors error that is blocking the request
  • But the request itself shows an error: “You are not allowed to access to this client”

Can you please paste the client id that is sent in this request? I’d like to check that it is correct.

sorry! Here is the OPTIONS request:


I can’t see any client id in this request. The client id is used juste before in these GET and OPTIONS requests:

https://api.forestadmin.com/oidc/auth?client_id=eyJraWQiOiJ6d0VjbU5LVVpVTkdYUnlNRzZ2QUoyTTVfYzBoZGhfblBXS0hYWjhGUTFBIiwiYWxnIjoiUlMyNTYifQ.eyJ0b2tlbl9lbmRwb2ludF9hdXRoX21ldGhvZCI6Im5vbmUiLCJyZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vYXBpLWZvcmVzdC5qb2lubHkuY29tL2ZvcmVzdC9hdXRoZW50aWNhdGlvbi9jYWxsYmFjayJdLCJhcHBsaWNhdGlvbl90eXBlIjoid2ViIiwiZ3JhbnRfdHlwZXMiOlsiYXV0aG9yaXphdGlvbl9jb2RlIl0sInJlc3BvbnNlX3R5cGVzIjpbImNvZGUiXSwiZW52aXJvbm1lbnRfaWQiOjQ5ODk4LCJpc3MiOiJGT1JFU1RfQVVUSEVOVElDQVRJT05fU1lTVEVNIiwiaWF0IjoxNjIzOTQ0NjE4fQ.PLl6-qqOXTyKDEqvh7otOftp2GpgkUQOp74xfWT0ev5PrsO_7nJwEvVtF654gCwKXWoUvzztDsnS62e1iOiQX8wR2LljwHDDxMWN3Dn_-HSs3zO--S-4ijvLxSZkNm4jS4TyvEonxkgNXTH8JAKh4o5OxLxiE9IcuKCgCt_Gv8IRGm63YpLFbfho992oHe99qeytjLDGdSowvjovSiSot25yJlYG0Gb2l5gvClSeM0bvXEqvhz-YHr8awenHLzCvHTsE3-nO0mV5i8LfzKYMFwC8VtaZxTe9l51qCVHTsQucKqTtIs8ahmN3yTySE0VCE1SYyA1jLF9RyJ9gb2z6NA&scope=openid%20email%20profile&response_type=code&redirect_uri=https%3A%2F%2Fapi-forest.joinly.com%2Fforest%2Fauthentication%2Fcallback&state=%7B%22renderingId%22%3A61777%7D

@GuillaumeGautreau is the client id correct ?

The error means that you don’t have access to the environment that is linked to this client id. I checked the client id:

  • The URL of the endpoint is https://api-forest.joinly.com/forest/authentication/callback
  • It is linked to a development environment, which was using an url on localhost, and that is deleted now.

So, this client ID has 2 problems:

  • It’s pointing to an environment that is deleted now
  • There is a mismatch between the URL in the client id, and the real environment’s url.

Could you please re-generate a client ID, and make sure that the URL and the ENVIRONMENT_SECRET are matching the real info from your environment.

hi @GuillaumeGautreau,

after regenerating client ids, we eventually could authenticate.

Still, a little issue on Docker_development environment:

Cannot it be a problem of FOREST_AUTH_SECRET?

The FOREST_AUTH_SECRET is used to sign JWT that authenticate users, so I don’t think it’s the problem here.

Do you have any info in the console that indicate why these requests are marked as failed? It looks like a network error. Can you access to the url in your browser?

@GuillaumeGautreau I think we are good now. We had a file transpilation error that caused this error.

Now that I have deployed my develop branch to my integration environment. I would like to push my forest branch to my integration environment but when I do so I get an error saying:

 ›   Error: Failed to push branch: source and destination environments must have the same schema

However schema are supposed to be the same since I just deployed the dev one to the integration env.

As this is a totally different topic, can you create another thread? :slightly_smiling_face:

I’ll mark this one as solved. It’ll help people find solutions to their issues if they face the same as yours.

1 Like